[21.11] firefox, firefox-bin: 96.0.3 -> 97.0; firefox-esr: 91.5.1esr -> 91.6.0esr

[mweinelt]

Motivation for this change

Backport #158491

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[ajs124]

ERROR: Rust compiler 1.56.1 is too old.

[jonringer]

rip

[jonringer]

backporting rustc shouldn't cause any regressions. I'd be open to backporting the rustc bump, then adding this to staging-21.11

[jonringer]

If someone with hydra admin access was available, we could probably add it to staging-next-21.11, force an eval, then cancel all non-current builds on that job

Most of staging-next-21.11 is still queued

[ajs124]

I think historically, we've just went with _latest attributes, instead of backporting the default.

[mweinelt]

Added a backport for rustc_1_57, local build is running but I'm currently still building rustc.

[mweinelt]

0:23.96(B ERROR: Requested 'nss >= 3.74' but version of NSS is 3.73.0(B(B

👏

[jonringer]

oof

[vcunat]

Oh, I'm actually surprised that 21.11 did hold out so long without adding these _latest versions for firefox.

[vcunat]

Please don't merge before:

• ensuring that thunderbird builds

[vcunat]

I'm not sure what we should do with nss versions on 21.11. Right now we have 3.73.0, and I have no idea how to check if some non-current version has security issues (or other significant issues). For ESR Mozilla maintains 3.68.x, but we're past that, so I'm not sure if downgrading the global default is a good idea.

[ajs124]

nss changelogs are here now.

I'd say backporting recent nss releases as the default is probably fine, but we aren't missing any crucial bugfixes if we don't AFAICT.

I did that in #158686, but that doesn't really help us for this situation we're stuck in with firefox right now. Except if we want to go directly to release-21.11 with it (or just merge it into this PR).

[vcunat]

As noone seemed eager to do a workaround that would probably be useful only for a few days, I deferred the part depending on nss bump to the staging-next-21.11 branch.

All combinations pushed to both branches build for me (on x86_64-linux), and I also did some brief testing.